Description

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

Remediation

References

CVE-2019-7317

Related Vulnerabilities

WordPress Plugin The Plus Addons for Elementor Security Bypass (4.1.10)

WordPress Plugin Login with Cognito Cross-Site Scripting (1.4.8)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress PHP Object Injection (3.6.12)

Jboss EAP Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-12617)

Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.9.27)

Severity

Medium

Classification

CVE-2019-7317 CWE-416

Tags

Missing Update Known Vulnerabilities